Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Comfast CF-E7 Wireless Router Allows Remote Command Injection
CVE-2026-2824
Summary
A bug in Comfast CF-E7 firmware 2.6.0.9 allows an attacker to remotely execute malicious commands on the router, potentially giving them control over the device. This is a serious security risk because it allows hackers to access your network and potentially steal sensitive information. Update to the latest firmware version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| comfast | cf-e7_firmware | 2.6.0.9 | – |
Original title
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulat...
Original description
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
- https://github.com/jinhao118/cve/blob/main/ComFast%20Router_4.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.346949 Permissions Required VDB Entry
- https://vuldb.com/?id.346949 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.753878 Third Party Advisory VDB Entry
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026